Finance privacy notice

This privacy notice tells you what information Corporate Services Finance collects and uses, and your rights regarding your information.

General information

Suffolk County Council’s Corporate Services Finance is responsible for providing financial services, for example, making payments to individuals and providers. On occasions we may need to collect and use personal data in order to fulfil these duties.

The processing of personal data is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), collectively referred to as data protection law

This privacy notice explains how Corporate Services Finance uses information about you when you contact us or use our services, and how we protect your privacy.

Suffolk County Council is the controller for the personal information that is being processed. If you have any queries about how Corporate Services Finance is collecting or using your personal data, you can contact the Chief Financial Officer (section 151 Officer) via email to:

Contact details for the council’s Data Protection Officer and Compliance Manager can be found in the council’s corporate privacy notice, which is available on the council’s website.

The types of information that are processed by Corporate Services Finance include:

  • Name
  • Contact details including address, email address and telephone number
  • Your bank account details
  • Details of charges for services provided to you by, or on behalf of, Suffolk County Council
  • Details of payments made to you by Suffolk County Council.

Whilst the majority of Corporate Services Finance information that is provided to us by individuals and organisations is mandatory, some of it is provided to us on a voluntary basis.

In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Corporate Services Finance data is used to:

  • enable us to carry out specific functions for which we are responsible, including:
  1. making payments to individuals and service providers
  2. collecting direct debits to settle invoices issued to individuals for services provided by, or on behalf of, Suffolk County Council
  • assess performance and to set targets for paying individuals and collecting income on time
  • delivery of services and support to you
  • managing our services
  • investigating complaints about our services
  • monitoring and protecting public spending
  • monitoring the quality of our services to ensure they are delivered in the most efficient and effective way
  • helping us to improve and plan new services
  • complying with laws that require us to provide personal information to other organisations, such as health organisations and courts.

Personal data

Under data protection law, Corporate Services Finance can only process your personal data if it is lawful to do so. Please see the details below of the lawful bases that we rely on for processing different types of personal data.

For processing personal data, we rely on the following lawful bases:

  • UK GDPR Article 6(1)(e) – where processing is necessary for us to perform a task which is in the public interest (public task) as set out under the Local Government Acts and Care Acts.

Special category data

When we process special category data, we rely on the following additional lawful basis(es):

  • UK GDPR Article 9(2)(b) – where processing is necessary for Finance to carry out specific obligations or exercise rights relating to employment, social security, and social protection (Schedule 1, Part 1, section 1, DPA 2018)
  • UK GDPR Article 9(2)(f) – where processing is necessary to establish, carry out or defend legal claims
  • UK GDPR Article 9(2)(g) – where processing is necessary for reasons of substantial public interest, specifically:
  1. for statutory and government purposes (Schedule 1, Part 2, section 6, DPA 2018)
  2. for preventing fraud (Schedule 1, Part 2, section 14, DPA 2018).

In order to provide our services, it is necessary for Corporate Service Finance to share information. We routinely share data with the following recipients for the reasons provided:

  • banks in order to make payment to your bank account or collect money by way of a direct debit
  • companies and organisations under contract that supply us with IT services for the purposes of completing the functions of the Finance service. In doing so we may transfer your information to other countries, but only to countries which can demonstrate adequate levels of data protection in accordance with the UK Information Commissioner’s advice on ‘International Transfers’ of personal data.

We do not transfer any personal data to any countries or international organisations outside of the EU, the EEA (European Economic Area), or any other country that does not have an equivalent level of data protection to the UK.

We keep personal data for as long as we need it to fulfil the purpose that it was collected for, and in line with any statutory or locally determined retention periods.

For Corporate Services Finance, the statutory retention period is six years, plus the current financial year. At the end of this period, it is reviewed and securely destroyed as appropriate.

Corporate Services Finance does not use automated decision-making processes or profiling in respect of your information.

Under data protection law, you have the right to request access to the information that we hold about you. If you would like to make a request to access your personal information, please contact:

You also have other rights regarding your personal data. You can find out more information about these rights by looking at the council’s corporate privacy notice.

If you would like independent advice on this privacy notice or other matters about how Suffolk County Council processes your personal data, including how to make a complaint, you can contact the Information Commissioner's Office at:

Wycliffe House
Water Lane
Telephone: 0303 123 1113